Continue in 2 seconds

Henssler Financial Satisfies Stringent Compliance Requirements for Database Auditing

  • July 01 2004, 1:00am EDT
More in

REVIEWER: Tim O'Pry, CTO for The Henssler Financial Group.

BACKGROUND: The Henssler Financial Group manages more than $900 million in assets, providing customized wealth management for individuals and corporations and managing The Henssler Equity Fund. The company started in 1987, after founder Dr. Gene Henssler (a college finance professor at the time) developed a large following for his radio show on investing, with many listeners clamoring for his personal assistance in managing their finances. From this unlikely beginning grew one of the most respected and successful financial management firms in the Atlanta area.

PLATFORMS: Henssler runs Lumigent Entegra on Dell servers and Microsoft SQL Server 2000.

PROBLEM SOLVED: Henssler had begun to develop plans for a new IT system, which would have to meet a growing number of compliance regulations. While we have always met SEC regulations, our firm has much tighter requirements to meet internal security and audit policies that go beyond mandated legal controls. Combined, these government and company requirements meant that we needed an IT system that assures data integrity and provides a means for us to trust that our data is secure and accurate. Previously, we were restricted to just a few options to account for data changes and create records for internal review and SEC audits: the use of triggers or modification of each application. These methods were costly, time-consuming and incomplete because they do not capture data viewing activity, often miss changes to database permissions and schema and do not account for direct database access - posing compliance risk.

PRODUCT FUNCTIONALITY: We realized very quickly that Entegra was going to make life a lot easier. I saw the return on investment during the design phase of our new IT system. Without it, we would have spent several hundred hours designing, writing and rewriting triggers alone. Entegra was a far better solution; it has given us complete assurance about the accuracy of our data.

STRENGTHS: Entegra is an enterprise-level data integrity solution that helps us address compliance, security, audit and privacy requirements by providing unprecedented visibility into how data assets are being used and modified. Entegra lets our IT staff monitor, through audit reports, how the database is changing. We can easily see who has changed an item and what the previous information was. If an employee changes a customer telephone number and an account representative then finds that the number doesn't work, we can look back using Entegra to see who made the change, what the previous number was and make appropriate corrections. Having this information makes it easy to restore an entire record or column within a record; it was much more difficult and time-consuming before Entegra. Additionally, this product has been rock-solid. Unlike some vendors that are members of the "patch of the week club," Lumigent has never had this problem. When updates have been released, the notification and update information is precise and, most importantly, did not require a server reboot nor result in any downtime.

WEAKNESSES: The only weaknesses are not functional nor something that would affect my decision to use the product, but additional features I hope to see in future releases. The primary feature is the ability to selectively purge records from the audit tables. Currently, Entegra purges based upon date only (aged). It would be helpful to be able to selectively purge records/tables based upon more defined criteria. I would also like to see them use PK/FK relationships within their tables and make use of cascading deletes, but these are tied to the same desire for more selective purging and the creation of custom reports.

SELECTION CRITERIA: We considered the continued use of triggers and application modifications, but those approaches have too many shortcomings for them to be trustworthy, efficient alternatives.

DELIVERABLES: Entegra provides government-required audit trails that let us know who has accessed or changed data, what data has been changed and what changes were made. It provides custom alerts so that any unauthorized access can be quickly addressed by our IT staff. The audit records from Entegra meet the SEC and other government requirements for database audit trails.

VENDOR SUPPORT: The few times that I have needed it, the support staff has been very knowledgeable and quick to respond - both via e-mail and on the telephone. I have found Lumigent to be open and responsive to requests for support as well as product enhancements.

DOCUMENTATION: The Entegra documentation is above average - the installation is simple and straightforward, very intuitive. I have rarely needed it. When I did, I found the information quickly, and it was concise, complete and answered my questions.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access